EngageBay WooCommerce Addon Security & Risk Analysis

wordpress.org/plugins/engagebay-woocommerce-addon

Automate your eCommerce with WooCommerce + EngageBay — run smart campaigns, boost engagement, and personalize messaging to grow your business faster.

40 active installs · v4.2.3 · PHP 7.4+ · WP 3.7+ · Updated May 13, 2025
Tags: email-marketing-woocommerce, engagebay-woocommerce-integration, inbound-marketing, marketing-automation, woocommerce-crm
Score: 92 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is EngageBay WooCommerce Addon Safe to Use in 2026?

Generally Safe

Score 92/100

EngageBay WooCommerce Addon has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The engagebay-woocommerce-addon v4.2.3 exhibits a mixed security posture. On the positive side, the plugin demonstrates excellent practices regarding SQL queries, utilizing prepared statements exclusively, and has a very high rate of properly escaped output. Furthermore, there is no recorded vulnerability history, suggesting a history of secure development or effective patching.

However, the static analysis raises significant concerns. The plugin has a small attack surface, but its one entry point, an AJAX handler, lacks authentication checks. This is a direct pathway for potential unauthorized actions or information disclosure. While the taint analysis found no critical or high severity unsanitized paths, the absence of capability checks across the board, coupled with the unprotected AJAX handler, indicates a potential for privilege escalation or unauthorized execution if an attacker can leverage this entry point. The file operations and the notable number of external HTTP requests are not inherently problematic, but they could become vectors if the unprotected AJAX handler is exploited to manipulate these functions.

In conclusion, the plugin's strengths lie in its robust handling of database operations and output sanitization, and its clean vulnerability history. The primary weakness, and the most pressing security risk, is the unprotected AJAX handler. This single unauthenticated entry point significantly degrades the overall security posture and requires immediate attention.

Key Concerns

  • AJAX handler without authentication check
  • No capability checks implemented
Vulnerabilities
None known

EngageBay WooCommerce Addon Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

EngageBay WooCommerce Addon Release Timeline

v4.2.3 (Current)
v4.2.2
v4.2.1
v4.2
v4.1.5
v4.1.4
v4.1.3
v4.1.2
v4.1
v4.0
v3.8.2
v3.8.1
v3.8
v3.7
v3.6
v3.5
v3.4
v3.3
v3.2
v3.1
Code Analysis
Analyzed Apr 16, 2026

EngageBay WooCommerce Addon Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (6 prepared)
Unescaped Output: 3 (70 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 1
External Requests: 20
Bundled Libraries: 0

SQL Query Safety

100% prepared · 6 total queries

Output Escaping

96% escaped · 73 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
engagebay_wc_configuration_page (config/class-engagebay-wc-admin-settings.php:276)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
1 unprotected

EngageBay WooCommerce Addon Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers 1

auth · wp_ajax_engagebay_wc_bulk_sync_ajax · classes/class-engagebay-wc.php:105

WordPress Hooks 20

action · engagebay_wc_sync_custom_fields_action · classes/class-engagebay-wc.php:91
action · admin_menu · classes/class-engagebay-wc.php:92
action · admin_init · classes/class-engagebay-wc.php:93
action · admin_enqueue_scripts · classes/class-engagebay-wc.php:94
action · wp_loaded · classes/class-engagebay-wc.php:95
action · woocommerce_order_status_changed · classes/class-engagebay-wc.php:98
action · woocommerce_subscription_status_updated · classes/class-engagebay-wc.php:102
action · engagebay_wc_bulk_sync_customers_action · classes/class-engagebay-wc.php:106
action · engagebay_wc_bulk_sync_orders_action · classes/class-engagebay-wc.php:107
action · engagebay_wc_checkout_orders_action · classes/class-engagebay-wc.php:108
action · engagebay_wc_checkout_orders_cron_hook · classes/class-engagebay-wc.php:109
action · user_register · classes/class-engagebay-wc.php:153
action · woocommerce_update_customer · classes/class-engagebay-wc.php:154
action · woocommerce_checkout_order_processed · classes/class-engagebay-wc.php:158
action · woocommerce_store_api_checkout_order_processed · classes/class-engagebay-wc.php:159
action · woocommerce_checkout_subscription_created · classes/class-engagebay-wc.php:163
action · wp_enqueue_scripts · classes/class-engagebay-wc.php:167
action · woocommerce_cart_updated · classes/class-engagebay-wc.php:170
action · engagebay_wc_abandoned_cart_cron_action · classes/class-engagebay-wc.php:195
action · before_woocommerce_init · engagebay-woocommerce.php:33

Scheduled Events 2

engagebay_wc_sync_custom_fields_cron_hook
engagebay_wc_sync_custom_fields_cron_hook
Maintenance & Trust

EngageBay WooCommerce Addon Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: May 13, 2025
PHP min version: 7.4
Downloads: 9K

Community Trust

Rating: 20/100
Number of ratings: 1
Active installs: 40
Developer Profile

EngageBay WooCommerce Addon Developer Profile

engagebay

7 plugins · 430 total installs

Trust score: 93
Avg Security Score: 98/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect EngageBay WooCommerce Addon

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/engagebay-woocommerce-addon/assets/css/engagebay-wc-admin.css
  • /wp-content/plugins/engagebay-woocommerce-addon/assets/js/engagebay-wc-admin.js
  • /wp-content/plugins/engagebay-woocommerce-addon/assets/js/engagebay-wc-frontend.js
Script Paths
  • /wp-content/plugins/engagebay-woocommerce-addon/assets/js/engagebay-wc-admin.js
  • /wp-content/plugins/engagebay-woocommerce-addon/assets/js/engagebay-wc-frontend.js
Version Parameters
  • /engagebay-woocommerce-addon/assets/css/engagebay-wc-admin.css?ver=
  • /engagebay-woocommerce-addon/assets/js/engagebay-wc-admin.js?ver=
  • /engagebay-woocommerce-addon/assets/js/engagebay-wc-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • engagebay-wc-admin-wrapper
  • engagebay-wc-settings-field
HTML Comments
EngageBay WooCommerce Addon
Data Attributes
  • data-engagebay-wc-field
  • data-engagebay-wc-api-key
  • data-engagebay-wc-sync-customers
  • data-engagebay-wc-sync-orders
JS Globals
engagebay_wc_settings